---
title: "MastraJwtAuth Class | Auth"
description: "Documentation for the MastraJwtAuth class, which authenticates Mastra applications using JSON Web Tokens."
---

import Tabs from "@theme/Tabs";
import TabItem from "@theme/TabItem";

# MastraJwtAuth Class

The `MastraJwtAuth` class provides a lightweight authentication mechanism for Mastra using JSON Web Tokens (JWTs). It verifies incoming requests based on a shared secret and integrates with the Mastra server using the `auth` option.

## Installation

Before you can use the `MastraJwtAuth` class you have to install the `@mastra/auth` package.

```bash copy
npm install @mastra/auth@beta
```

## Usage example

```typescript {2,7-9} title="src/mastra/index.ts" showLineNumbers copy
import { Mastra } from "@mastra/core";
import { MastraJwtAuth } from "@mastra/auth";

export const mastra = new Mastra({
  // ..
  server: {
    auth: new MastraJwtAuth({
      secret: process.env.MASTRA_JWT_SECRET,
    }),
  },
});
```

> See the [MastraJwtAuth](/reference/v1/auth/jwt) API reference for all available configuration options.

## Configuring `MastraClient`

When `auth` is enabled, all requests made with `MastraClient` must include a valid JWT in the `Authorization` header:

```typescript {6} title="lib/mastra/mastra-client.ts" showLineNumbers copy
import { MastraClient } from "@mastra/client-js";

export const mastraClient = new MastraClient({
  baseUrl: "https://<mastra-api-url>",
  headers: {
    Authorization: `Bearer ${process.env.MASTRA_JWT_TOKEN}`,
  },
});
```

> See [Mastra Client SDK](/docs/v1/server-db/mastra-client) for more configuration options.

### Making authenticated requests

Once `MastraClient` is configured, you can send authenticated requests from your frontend application, or use `curl` for quick local testing:

<Tabs>
  <TabItem value="react" label="React">
    ```tsx title="src/components/test-agent.tsx" showLineNumbers copy
    import { mastraClient } from "../../lib/mastra-client";

    export const TestAgent = () => {
      async function handleClick() {
        const agent = mastraClient.getAgent("weatherAgent");

        const response = await agent.generate({
          messages: "Weather in London"
        });

        console.log(response);
      }

      return <button onClick={handleClick}>Test Agent</button>;
    };
    ```

  </TabItem>
  <TabItem value="curl" label="cURL">
    ```bash copy
    curl -X POST http://localhost:4111/api/agents/weatherAgent/generate \
      -H "Content-Type: application/json" \
      -H "Authorization: Bearer <your-jwt>" \
      -d '{
        "messages": "Weather in London"
      }'
    ```
  </TabItem>
</Tabs>

## Creating a JWT

To authenticate requests to your Mastra server, you'll need a valid JSON Web Token (JWT) signed with your `MASTRA_JWT_SECRET`.

The easiest way to generate one is using [jwt.io](https://www.jwt.io/):

1. Select **JWT Encoder**.
2. Scroll down to the **Sign JWT: Secret** section.
3. Enter your secret (for example: `supersecretdevkeythatishs256safe!`).
4. Click **Generate example** to create a valid JWT.
5. Copy the generated token and set it as `MASTRA_JWT_TOKEN` in your `.env` file.
